Archive

As technology it is not slowing down and cybercrime is on the rise — it is crucial that information on cybercrime and awareness is made more available for all people. For this reasons, E-Crime Expert is glad to welcome Home Security, as a guest and feature their valuable website and material bellow.

About:

Home Security.org is a constantly developing comprehensive Home Security and Personal Security information resource.

In the not-too-distant past, the threat of hacking was confined to PCs and laptops. Today, we rely on a proliferation of electronic devices for communication, directions and entertainment – all potential channels of information for hackers with malicious intent. Wi-Fi and Bluetooth technology, cell phones, Global Positioning Services (GPS), Internet-enabled TVs, tablets and wired cars are all susceptible to thieves trying to access critical personal information.

Cybercrime is on the rise, one of the most rapidly growing areas of prosecuted crime. Hackers may be computer geeks with malicious intent, identity thieves, spies, traders in illegal pornography or businesses attempting to disrupt competitor’s websites. The impact on society can be staggering, ranging from downed systems for vital infrastructure like hospitals or emergency response systems to financial cost. Brand damage is difficult to measure, and the cost to repair and prevent future damage from hackers annually runs into the billions.

What Kinds of Cybercrime Exist?

While it seems that hackers crack codes for every new device that hits the marketplace, there are some defined forms of cybercrime that have been deemed illegal by state and federal authorities.

Harassment: The most common form of cybercrime, the term harassment includes obscenities or insulting comments directed towards an individual or group of individuals, and may or may not be related to sexual orientation, religion, ethnicity or gender.

Offensive Content: Obscene and distasteful content on the Internet is not only something that children should not see; it is illegal in many countries.

Fraud: Internet fraud can take many forms, but it is most often in the guise of misrepresenting oneself and enticing a consumer to provide sensitive information. Fraud is usually financial in nature and is often related to identity theft. Technically, it is also fraudulent to use your neighbor’s Internet signal if you are not paying for it.

Trespassing: Hackers illegally gain access to individual hard drives and can remove or copy files, install software, view browsing history and access your passwords. Trespassing is often fraudulent; for example, a cloned website of a familiar vendor may request that readers click a link or download a file that allows access to a hard drive.

Drug Trafficking: Encrypted emails are used by drug traffickers around the world to share manufacturing formulas and arrange deals and delivery of illegal drugs.

Spam: Unsolicited e-mail is not only annoying; it is often used for phishing, a practice that deceives users into providing delicate data such as Social Security numbers, birthdates, passport identification numbers or credit card numbers. This information is used by identity thieves, or to access bank and credit card accounts. Spam often contains malicious bits of code that can permanently damage your computer. Some spammers practice spoofing, allowing them to use your email address to send the same code to everyone in your address book.

Information Warfare: Targeted at businesses and large, complex systems, information warfare aims to disable these systems. These cybercriminals either use malicious code or repeatedly hit the server from multiple computers at once, causing the target server to crash.

Malware: A very common source of disabled devices is malware, or malicious software. Malware files can be downloaded to your device without your consent, sometimes even without your knowledge. These files allow criminals to monitor your activities on your device or crash it permanently. Cell phones are particularly prone to malware due to their small screen size; it may be easy to miss a link or download notification on a cell phone.

Devices other than laptops and cellphones are at risk. In April 2012, Sony’s PlayStation Network was famously hacked, shutting down its network and releasing personal information for 100 million users. Internet TVs, designed to allow access to streaming content like Netflix and Pandora, open a window for hackers to not only access your television, but any computers that are linked to the same network. Cars that are wired for personal use, which are increasingly popular in new models, may provide criminals a pathway to your phone and all of the delicate information kept therein. Alarmingly, it was recently proven that medical devices such as insulin pumps for diabetics can be hacked and controlled by an outsider.

Smartphone apps, those useful and helpful tools we love, can offer opportunities for hacking. Home alarm systems that are controlled by apps may allow an evil-minded hacker to access your home’s security features without your knowledge. Many popular apps are based on GPS systems, which are often provided to third parties without your knowledge. The ubiquitous Bluetooth technology is not immune to exposure; hackers can spam your phone, access its contents or take it over completely via Bluetooth channels.

Are We Defenseless?

While consumers should be aware of the possibilities, there is no reason to panic. Developers are creating code that resists hacking attempts as fast as hackers come up with new tactics, and the U.S. government is watchful. The Department of Justice, the FBI and the Department of Homeland Security all have personnel dedicated to the eradication of cybercrime, and hackers are prosecuted with misdemeanor or felony charges.

There is much you can do to protect yourself from cybercrime. Your devices are programmable for varying levels of protection, and manufacturers of the products you use pre-install protection measures and offer upgrades to security when necessary. Take advantage of these tools and make the following security best practices part of your routine:

Turn off your computer. It is common practice to leave computers on all the time, especially given our impatience with rebooting. Unfortunately, leaving a computer in “sleep mode” offers no more protection than your antivirus software provides, and today’s high-speed networks can allow a hacker to access your PC or laptop swiftly. A computer that is turned off cannot be hacked from an external source.

Update your antivirus software. Companies who manufacture this software are constantly revising code to keep up with new threats, and many issue patches within hours of the appearance of a new worm or malware. Even Macs, once considered immune to viruses, have been infected. Consider bolstering your current software with additional protection. Set your software to receive updates automatically, and ensure that you have spyware protection.

Update your operating system. Similar to antivirus software developers, the manufacturers of your operating system are constantly reacting to new cybercrime threats. Unfortunately, some viruses, worms and malware take the guise of a software update and trick users into downloads. Take the extra few minutes to learn exactly how your system will notify you of an official update, and follow directions when prompted. If you are unsure whether an update is legitimate, check your system user’s guide.

Download wisely. Never open an attachment from someone you do not know, and be suspicious of email forwards with unexplained or confusing attachments. Many antivirus programs, such as Vipre, offer an email protection setting that can alert you to a suspicious attachment from a known user; both traditional corporate and free email clients like Gmail can benefit from this extra protection. When surfing the web, set your page security settings high so that you don’t inadvertently download malware; a strong antivirus program will warn you or prevent you from accessing sites that are dangerous.

Always turn on your firewall. Most laptops and PCs are equipped with a firewall, a barrier to malicious elements that can be configured to a single computer or to a network. Firewalls are commonly pre-configured into the hardware of your computer and protect you from all incoming information. Check the system security on your laptop or PC to see that you have a firewall and that it is turned on. You may also download additional firewall protection. A router for a home wireless network connection provides an extra layer of protection; routers that are set to provide wireless connectivity to multiple devices in your home automatically discard any malicious incoming traffic that is not directed to a single IP address.

Be aware when traveling internationally. Any devices that you travel with, including cell phones, are vulnerable. Exercise caution where free wi-fi is offered, such as in coffee shops and airports. When you access a wireless signal outside of your home’s firewall protection, you are more vulnerable. Take only the devices you need, and back them up before you travel. Consider deleting sensitive data for the duration of your trip and using completely different access passwords for your devices. The FCC offers additional tips for travelers with electronic devices.

Vigilance and awareness are the two best defenses you can provide. The world of cybercrime is fast-moving, and talented individuals with evil intent are attempting to break into new devices as fast as they are developed. However, staying aware of current events in cybercrime news and the updates you may need, as well as fully exploiting the crime prevention tools at your disposal, will keep your home and your data safe from intruders”.

E-Crime Expert presents today the basic tips for helping users know if their email account was accessed without authorization by someone else. In order to find out, users could use their sign-in history log or activity logs that are provided by Yahoo Mail or Gmail. Unfortunately, Hotmail does not yet offer such option.

Go to Account Info, located under the drop down menu when you click on your name on the upper right corner of your Yahoo page (you have to be logged on).

Step 2.

Then, you will be prompted to introduce again your password in order to Access your Info.

Step 3.

You will be re-directed to the page where all your account info are displayed.

Navigate to the right side bottom of that page to: View your recent sign-in activity.

Step 4.

Click on View your recent sign in activity box and you will be taken to your recent account log in activity that will display the place from were you loged on in the past weeks (Country and City), the IP address from where you were logged on, the Date and the Time you logged on, the Access Type (Browser) and the Event, which refers to the either log in, log out or mail access. If you would like to have a report that goes further in time than two weeks, click on View More option, on the bottom right of that page.

II. Gmail

Step 1.

Log in your Gmail account and go to your name on the upper right corner of your account. and click View Profile.

Step 2

Then you click on the Account Activity tab and you will be re-directed to another page where you could view the basic information about your all Gmail-related account such as Picasa, Mail, YouTube, etc.

Step 3.

To order your Activity report, click on the Account tab and beside you will see the last Countries you signed in your account and the exact time, you could also order your Account Activity Report.

Step 4.

After you ordered your Google Account Activity Report, from your Account page, you will receive an email Notification in your Gmail account. Open the message and click Open Access Activity report, then you have to type your password again in order to access this Report.

Alternative way for accessing your Gmail Activity History:

Step 1.

While logged in your Gmail Account, go to the very bottom-right corner of your account and click Details.

Step 2.

Then, you will be automatically redirected to another page where all your recent Account Activity will be displayed: Access Type, Location IP, Date and Time.

III. Hotmail

Unfortunately Hotmail does not provide such a function to access your Account History or Activity Log (as you could see in the picture bellow). Although anyone could send an email to Hotmail’s reps asking for their Activity Log Report. This Report will provide users with a maximum of two weeks of their Activity Log information. Further than two weeks account activity/log in history, Hotmail says, that it will be only provided for law enforcement purpose or requests.

Google having access to our search and browsing history was notorious. But to store all this browsing history in a well-organized file(s) for each user, is really scary! Why? For profiling purposes for example, which I have written about extensively in several blog posts and even my LLM thesis.

But also concerning is that if someone breaks into someone else’s Google account or someone leaves their account on, on a computer or there are family members/roommates sharing a computer. In all these cases, it could be granted full access to all user’s browsing history which can reveal very personal information and possibly even financial information such as bank logins and passwords (if that person chose to tick the box for automatic login). As you could see bellow, the visited page is in a form of a link. When clicked, it takes the user to the linked website, bank account, email account, online store, online purchasing account, which may bring serious security risks.

The very well-structured report on browsing history available now to Google users (when you have an account with Google), with precise dates, times, number of visualizations, browsing history based on different content categories such as blogs, videos, pictures, shopping, maps… and with a perfect synchronization of the information used even between the terminals a user used (e.g. work, home, internet café) it is really concerning.

Picture 1.

-Left: all history on the web, images, news, videos, blogs….

-Middle: web history, visited web links, with the date, time, number of loggins

-Right: calendar from where one could chose the date or time period to see the web history on a Google account.

See bellow Google’s description about this feature:

“Web History records information about the web pages you visit and your activity on Google, including your search queries, the results you click on, and the date and time of your searches in order to improve your search experience and display your web activity.”

Imagine this going hand in hand with the proposed ACTA, even downloading music for your personal use (which is legal in The Netherlands) will be a real threat in regards to policing the Internet and monitoring a user for ACTA enforcement purposes, having access to so much information about user web history including music downloads.

Picture 2.

-material downloaded, time, date and very important, from where it was downloaded.

I have personally considered for some time now that, no one has either anonymity or privacy on the Internet anymore. But in addition to this, now no one has much security either. If for some, the right to privacy is something immaterial, the security issues should be concerning and regarded as something tangible.

If you would like to remove your web browsing history (at least from your account because Google will always have it), follow the steps here:

1. Go to your Google account and on the right side and after you clicked on it, select “Account settings”

2. Go to “View, enable or disable web history” (very bottom of the page) and there click on “Go to web history”

3. Go to “Remove all Web history” and click “ok”

If you receive this message “Your search history is currently empty”, then supposedly your web history has been removed up to that date and time. From then on the history will be again stored under your account.

4. if you would like to turn the web history feature off, just press “Pause”

5. If you would like to have your all web history stored on, press “Resume”.

Happy New Year to everyone! Wish you all the best for this year, but most importantly, I wish you to be healthy and around your families! Also, stay safe!

Maybe for some of you Santa was kind enough and brought you new electronic devices such as a new laptop, desktop, iPad, tablet or smartphone. That sounds exciting, but have you thought what are you going to do with your old electronic device? Giving it away to charity? Selling it on a classified website, or giving it to a family member or friend? In any of these cases you should first be sure that you are not involuntarily sharring your private info and data. For this reason, E-Crime Expert presents again today some tips on how to remove this personal data from your old electronic device before being given away.

Please watch this video tutorial here:

More details are provided bellow:

A large volume of electronic data is stored on computer systems and electronic media. Much of this data consists of confidential and sensitive information, including patient records, financial data, personnel records, and research information.

If you are with a company or organization that accepts donations or properly dismantles computers, electronics, or hard drives, take them there.

If you have a computer or computer equipment that you believe is beyond repair or is too old to be useful take it to a dismantling centre.

Many computer manufacturers and computer hardware manufactures also have their own recycling or trade in programs. When you buy a new computer you could perhaps trade in the old one.

All computer systems, electronic devices and electronic media should be properly cleared of sensitive data and software before being transferred from you to another seller or dismantling centre.

Computer hard drives should be cleared by using software and then be physically destroyed. Non-rewritable media, such as CDs or non-usable hard drives, should be physically destroyed (ie. scratched, broken into pieces).

Try to destroy or dismantle you hard drive, external hard drive, printer, fax, cell phone, computer, camera, web camera, GPS, laptop because all these devices have internal memory where sensitive data is still stocked even if properly deleted manually or with a software.

When you sell an old laptop or PC, try first to “format” your device and reinstall the operating system- If you are not able to do this, at least try to DELETE:

All your photos, videos, music files, located on the following folders: Desktop or My Documents, My Music, My videos (Movies),

Sync Services folder used for cloud computing or to sync with other devices

Address book

Note: these folders are available on a MacBook Pro device (with Snow Leopard OS), the order or name of the folders may differ from computer to computer or from one operating system to another. But the principle is the same.

When you sell your used cellular phone try to do a “factory data reset” and all the information and personal settings will be removed. This is mandatory when you sell your used device.

Step 1: go to settings

Step 2: select SD&phone storage

Step 3: select Factory data reset

This should reset all your information on your phone.

Note: these folders are available on HTC Desire running on Android version 2.2.

As announced in the last blog post here, E-Crime Expert presents today the National Data Protection Legal Acts of each Member State as required by the implementation of the Directive 95/46. This could be helpful for anyone interested as there are significant differences among the Member States DP national legal frameworks, acquired during their implementation process of the Directive 95/46. In this regards, for a company running commercial activities in Belgium, their compliance when processing personal data in Belgium, should be subject to the Belgian DP national Law. The Directive 95/46 has no direct implication or relation to their processing operations in Belgium or in any other member States. This Directive sets forth the general European legal framework with the minimum protection requirements for the national DP laws implemented by each member State in their own ways. Therefore, for any interested party, company or data subject, it is useful to know which DP Laws particularly applies when running businesses, doing electronic commerce or any other activities that require processing of personal data.

This is the last post of a series brought you by E-Crime Expert, that aims to make the readers and data subject familiar to the most common terminology in order to better understand and protect their personal data and privacy.

Reliability is the property of consistent intended behavior and results.

Residual Risk (Information Security)

Residual risks are the risks that remain after risk treatment or, in other words, after protective measures were introduced.

Right of rectification

Anyone can have incorrect data relating to him rectified free of charge, and have other data erased if they are irrelevant, incomplete or prohibited, or have the use of those data prohibited. If the controller does not react, the data subject may address the Commission, which will attempt to mediate. The data subject may also submit a complaint to the judicial police.

Right to object

You may always object to the use of your data, provided that you have serious reasons for this. You cannot object to a data processing operation that is required by a law or a regulatory provision, or that is necessary to perform a contract you have entered into. However, you always have the right to object to the illegitimate use of your data and can always object free of charge and without justification if your data are processed for direct marketing purposes.

To object you have to send a dated and signed request, including a document proving your identity (for example a copy of your identity card) to the controller by letter or by fax (a request by e-mail is only accepted with an electronic signature). The request can also be submitted on the spot. The controller then has one month to reply. If he fails to do so or if his reply is not convincing, you can address the Commission, which will try to mediate. You can also take your case to court.

Risk (Information Security)

A risk is the potential that a given threat will exploit vulnerabilities of an asset or group of assets and thereby cause harm to the organization (for example a virus deleting a file). It is measured in terms of a combination of the probability of an event and its consequence.

A risk is characterized by two factors: the probability that an incident will occur and the gravity of the potential direct consequences and the indirect impact.

The risk can also depend on time: the situation can become worse after an incident if adjusting measures are not taken in time (for instance a software glitch infecting a database, spyware retrieving passwords, encrypted codes or pin numbers). That way, an innocent incident can have disastrous consequences.

Risk Management (Information Security)

Risk management identifies the most important risks and distinguishes between the risks that have to be taken care of and acceptable risks. It uses security resources that deal with the dangers for personal data according to a scale of priorities. The risk management process constitutes a cycle that is repeated depending on the particular characteristics of the systems and the identified risks. Risk management results in final processes and an updated security policy, and often also in adaptations to the organization and its procedures in order to better take into account possible new risks, as well as the measures that have been taken.

(S) Safe Harbor Principles

In consultation with the European Commission, the American Department of Commerce elaborated the Safe Harbor Principles, intended to facilitate the transfer of personal data from the European Union to theUnited States. If companies make a statement to the American Department of Commerce agreeing with these principles and declaring they are prepared to respect them (meaning, among other things, that the American Federal Trade Commission can check whether theyr respect these principles), they are considered as companies ensuring adequate safeguards for data protection.

Security measures (Information Security)

Security measures, also called “protective measures” or “security controls”, are procedures or decisions that limit risks. Security measures can be effective in several ways: by lessening possible dangers, correcting vulnerabilities or limiting the possible direct consequences or indirect impact. It is also possible to work with time: if incidents are traced better and sooner, action can be taken before the situation gets any worse.

Sensitive data

Certain personal data are more sensitive than others. An individual’s name and address are rather innocent data, but this does not hold true for his political opinions, sexual preferences or judicial past. The Privacy Law regulates registration and use of those sensitive data more strictly in comparison with other personal data.

For persons wishing to transfer data outside the European Community, the European Commission has elaborated standard contractual clauses, which allow for a data transfer meeting the European legal conditions for data protection (article 25 ff of Directive 95/46/EC). In other words, the parties signing these contracts are considered as parties ensuring adequate safeguards for the protection of privacy.

(T) Threat (Information Security)

A threat is any unexpected event that can damage one of the enterprise’s assets and therefore prejudice personal data protection.

to have been freely given. In other words, the data subject was not pressurised to say “yes”;

to be specific, meaning that the consent relates to a well-defined processing operation;

to be informed. The data subject has received all useful information about the planned processing.

It is not necessary for the consent to be given in writing, but oral consent does create problems with the burden of proof in case of difficulties.

(V) Vulnerability (Information Security)

Vulnerability is the weakest link of an asset or a group of assets that can be exploited by one or more imminent dangers (developer’s mistake, wrong installation). In most cases vulnerability is due to the fact that an asset is not sufficiently protected, rather than to the asset itself.

Vulnerability in itself is not harmful to the organization. Only when an imminent danger can accidentally use the vulnerability and possible special circumstances, a damaging incident can occur.